The PostgreSQL Security team is pleased to announce that PostgreSQL is now a CVE Numbering Authority (CNA). A CNA has responsibilities for assigning CVE IDs and participating in responsible disclosure with projects within its scope. You can find out more information about the role of PostgreSQL as a CNA on the PostgreSQL security page:
The process for reporting a security vulnerability in PostgreSQL has not changed. If you believe you have discovered a security vulnerability in PostgreSQL, please send an email to security@postgresql.org. For more information on what is considered a vulnerability and the reporting process, please review the PostgreSQL security page: